E-Signature Law in India - Information Technology Act, 2000

As we all know, signatures are the identity of an individual. Traditionally, signatures are handwritten with pen on paper. However, now we can have electronic signatures! So, what brought this change? Digitization is the answer. Many businesses adopted the digital route for different business processes. This is the reason for which you can see better efficiency in marketing and sales.

Electronic signatures or e-signatures are a huge part of the ongoing move towards the digitization of businesses. This is one of the reasons to emphasize the information technology act in India. Wondering what it is, are you? E-signatures need valid legal recognition, and the IT act serves this purpose. In the following discussion, let us explore the legal precedent governing e-signatures in India.

The Basic Notion of the Information Technology Act, 2000

According to the Information Technology Act 2000, electronic signatures are legally valid in India. The Government of India focused on different advantages associated with e-signatures for presenting this regulation. The IT act is a clear platform to foster the adoption of digital technologies by Indian corporations and citizens. The act focuses on improving the ease of doing business and refining the storage of records.

Also, it focuses on raising the standards of safety, security, and cost-effectiveness of records. The information technology act is one of the drivers behind the recent rise in the use of e-signatures. One of the notable highlights that we can not miss here is the focus on providing electronic transactions using Aadhaar. Aadhar is the unique identification number issued to all Indian residents by the Indian government.

Indian law recognizes electronic signatures on the same grounds as that of physical signatures only with a few exceptions. On the other hand, the IT Act, 2000 also specifies requirements for the validity of electronic signatures. So, let us find out what are the requirements for the validity of e-signatures in India.

Also Read: UETA and ESign Act

Type of Signature Recognized in the Information Technology Act

The first thing to look at is the type of signatures recognized in the information technology act. There are two types of signatures in the IT act.

1. Electronic signatures combining aadhaar with eKYC service

Electronic signatures that combine Aadhar with eKYC service are the first type of signatures as per information technology act. Users who have an Aadhar could use an online e-signature service for signing documents online. This happens with the integration of the e-signature service with the Application Service Provider (ASP).

Users could have a mobile or web application interface, and this helps in signing documents online. They could authenticate their identity through an eKYC service provided by the e-signature service provider. The eKYC service could be an OTP or one-time password used commonly in India. The online e-signature service would work with the application service provider to give certificates and authentication services. All of these services would have to follow government guidelines.

2. Digital signatures developed with asymmetric cryptosystem and hash function

The second type of signature considered valid as per e-signature laws in India are digital signatures. Digital signatures created through the asymmetric cryptosystem and hash function are valid according to the information technology act. In an asymmetric cryptosystem, there is a pair of keys such as private key and public key. These keys are unique for each user and creates an e-signature. Users could get a digital signature from a reliable Certifying Authority (CA).

The CA provides a digital certificate that has the user’s name, the public key, and the expiry date of the certificate. The digital certificate also includes other essential information relating to the user. Many operating systems and browsers have a list of trustworthy CA root certificates. These root certificates verify the digital certificates provided by CA. In some cases, users could also get a USB token for signing a document. The USB token contains a personal PIN and an ID based on digital certificate.

Digital Signatures and Electronic Signatures are two similar looking terms but are different from each other. Check out the difference between the two i.e. Digital Signature vs Electronic Signature

The Criteria for Valid E-Signatures

The most important milestone for e-signature laws in India was in 2008. In this year, the Information technology act 2008 introduced some amendments. The amendment brought the definition of ‘electronic signature’ into the scenario.

Section 2(a) of the act stated the definition of electronic signature.

“An electronic signature is defined as the authentication of electronic records by subscribers through electronic techniques.”

Schedule II of the Information Technology Act, 2000 points out the definitions of electronic techniques. According to the information technology Act, e-signatures have to satisfy different criteria for validity.

The criteria can be outlined as follows –

  • E-signatures should be linked to the person signing a document with a unique ID. The unique ID is generally a digital-certified ID.
  • The signatory should have complete control over the data used to create the e-signature. The signatory should get this control at the time of signing. Generally, e-signature service providers authorize signatories to affix their e-signature to the document. This helps in fulfilling this requirement.
  • The changes to the document or the attached e-signature should be detectable. Users could fulfill this requirement by encryption of the document with a tamper-evident seal.
  • The e-signature is valid only if it has an audit trail. The audit trail is an account of the steps implemented in the signing process.
  • According to the information technology act, a certifying authority (CA) recognized by the Controller of Certifying Authorities (CCA) issues a digital signature certificate.

Suitable Use Cases for E-Signatures

An electronic signature is valid if it satisfied all these conditions. The Information technology act 2000 is presently the main governing law for the validity of e-signatures in India. At this point, there are no case laws that relate to disputes regarding the application of e-signatures. The different types of use cases where the standard electronic signature can be applied are as follows.

  • Commercial agreements among corporate entities. These may include procurement deals, sales agreements, and non-disclosure agreements.
  • E-signatures are also applicable to HR documents. The examples include employment contracts, new employee onboarding processes, and benefits paperwork.

Documents Which Cannot Be Signed Electronically

The IT Act 2000 also presents details of use cases that are not suitable for the use of digital signatures. The first concern involves processes that require handwritten signatures. But the IT act does not cover these use cases. It covers examples of use cases that cannot be signed electronically.

  • Handwritten negotiable instruments except for cheques.
  • Trust deeds documents, written by hands.
  • Handwritten wills or any testaments.
  • Power of attorney, written by hands.
  • Handwritten contracts for sale or conveyance of immovable property and interest in the property.
  • Real estate documents; the examples include purchase and sales contracts and lease agreements. Documentation for residential and commercial real estate can also not involve e-signatures.

There are a number of myths spread worldwide regarding the use of e-signatures. It is important to understand these electronic signature myths and facts behind them.

Legal Precedents for Stamping

Therefore, any document which needs a notarial process or registration by a Registrar or Sub-Registrar cannot use an e-signature. The information technology act also presents some insights into the requirements for stamping. This is one of the noticeable concerns while signing electronically.

You need to know that specific documents should be stamped before or at the time of execution. However, there is no particular law in India that outlines a method for stamping of electronic documents. The states of Delhi, Maharashtra, and Karnataka focus on stamping for electronic records.

The electronically accepted stamps can help e-signature service providers to design their solutions according to your needs. The information technology act also emphasizes that companies should always look into the legal need for stamping a document. If there is a requirement of stamping before signing and execution of a document electronically, the company should have a physical copy. The physical copy should be stamped.

A document can bring financial penalties if it is not properly stamped. In some states, there are penalties for deliberately not stamping a document. The penalties could either be in the form of fines or even imprisonment. However, these provisions are implemented rarely.

Other Valid Forms of E-authentication

As we discussed above, there are certain documents that are suitable for electronic signing. However, it does not mean that documents signed by other electronic means than an e-signature are invalid. The Information technology act also provides validity for contracts that use authentication methods specified in it. For example, a contract executed with email is an authentication method. Documents that use two-factor authentication such as OTP or a PIN could also be considered valid.

On the other hand, there is a slight problem in proving the validity of these documents. They are not the same as the documents signed with handwritten signatures. If an electronic contract involves any dispute, then it is essential to prove that the requirements of a valid contract have been fulfilled.

The parties involved in the contract should ensure the execution of the document by using a non-tamperable method. Even if this requirement is quite tasking, the use of email and two-factor authentications of contracts is highly popular. The technology and eCommerce sector make the most of this facility.

You would have to follow certain best practices to prove the validity of electronically signed documents. An important note, in this case, these best practices are suitable in case of using email or other forms of authentication.

  • The signing process should have a mechanism for verifying the identity of signatories. The mechanism could be a verification email to the signatory’s unique email address. The information technology act also allows sending OTP to the mobile phone of the signatory.
  • The signing party should provide consent for conducting the transaction electronically.
  • A clear description of the intent of the signing party to sign the document electronically with the method used for signing.
  • Secure tracking of the process with an audit trail for logging each step.
  • Use of a tamper-evident seal for securing the final document.

Based on these industry best practices, you can conform to the precedents outlined in the IT act for e-signatures. Furthermore, a clear awareness of these factors could help you find the best e-signature solution.

Still confused about adopting electronic signatures? Check out these top reasons to adopt electronic signature for your business.

The Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015

India achieved another notable milestone in regulation for e-signatures long after the Information Technology act, 2008 amendment. Despite the clear definition and availability of provisions enabling the use of e-signatures, they were not used. However, the Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015 brought a new change.

Also, the Digital Signature Rules (End Entity), 2015 came into existence. The most noticeable application of these rules provided the basis of e-signature regulations in India as known today. For example, the Controller of Certifying Authorities (CCA) developed with the Information technology act, received more powers. The CCA is now capable of regulating and providing the requirements and process for using e-authentication methods.

The Current state of E-Signature Legality

According to the Information Technology Act in India, the sole authority over e-signatures is the Central Government. The Central Government holds the authority for declaring reliable techniques for e-signature. The Central Government could add or remove any technique valid for electronic authentication.

However, the Central Government has not issued any notification regarding the concept of electronic signature. So, the only method used for electronic signatures is digital signatures. The examples of Aadhaar based identify verification and electronic signing show the fact. The Delhi High Court has asked the Central Government to introduce policies on the use of electronic signatures.

This clearly shows that the legal aspects of e-signatures are relatively underdeveloped in India. However, the IT act outlines the criteria for the legal recognition of e-signature in Section 5. The section outlines that if the prescribed requirements have been followed, then an electronic signature is valid just like a handwritten signature.

You should also take note of the offenses outlined in electronic signatures. The offenses can include publishing false e-signature certificates, identity theft, or publishing electronic certificates for a fraudulent purpose. The other offenses include misrepresentation or suppression of material fact to obtain e-signature or license.

While working with electronic signatures, it is commendable to understand how electronic signature works. Here is a quick guide to the electronic signature workflow.

Conclusion

Based on an outlook of the e-sign laws in India according to the IT Act 2000, the above discussion concludes now. The discussion provided information on the general concept of e-signature accepted legally in India. The types of e-signatures considered valid according to the IT act formed an important part of the discussion. The use cases suitable for electronic signatures and the unsuitable documents also refined an understanding of the legality of e-signatures in India.

Finally, the discussion focused on other forms of electronic authentication valid in India. Also, the discussion presented a brief illustration of the present state of e-signature legality in India. These details finally concluded a brief outline of offenses related to e-signatures according to the IT act.

Posted by Brian Felix

Leave a Reply